Why are non-collision-resistant hash functions considered insecure for signing self-generated informationWhy are hash functions one way? If I know the algorithm, why can't I calculate the input from it?Can a zero knowledge proof of voting be made using a trusted auth server (without client side crypto)?What are the implications of SHA-1 collision for other hash functions like RIPEMD-160?

How do I get a decreased-by-one x in a foreach loop?

How to find out the average duration of the peer-review process for a given journal?

Is there any way to keep a player from killing an NPC?

Thank God it's Friday, tomorrow is THE weekend. Why the definite article?

Why in most German places is the church the tallest building?

What is this symbol: semicircles facing each other?

Is for(( ... )) ... ; a valid shell syntax? In which shells?

How do I, an introvert, communicate to my friend and only colleague, an extrovert, that I want to spend my scheduled breaks without them?

How do you harvest carrots in creative mode?

Antonym of "billable"

What do these triangles above and below the staff mean?

Is it possible to perform a regression where you have an unknown / unknowable feature variable?

What is the difference between Major and Minor Bug?

“T” in subscript in formulas

Ensuring all network services on a device use strong TLS cipher suites

Heyacrazy: Careening

Did a flight controller ever answer Flight with a no-go?

Why does The Ancient One think differently about Doctor Strange in Endgame than the film Doctor Strange?

What would be the challenges to taking off and landing a typical passenger jet at FL300?

Algorithms vs LP or MIP

State-of-the-art algorithms for solving linear programs

Tensorflow - logistic regrssion -oneHot Encoder - Transformed array of differt size for both train and test

What to say to a student who has failed?

If all stars rotate, why was there a theory developed that requires non-rotating stars?



Why are non-collision-resistant hash functions considered insecure for signing self-generated information


Why are hash functions one way? If I know the algorithm, why can't I calculate the input from it?Can a zero knowledge proof of voting be made using a trusted auth server (without client side crypto)?What are the implications of SHA-1 collision for other hash functions like RIPEMD-160?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








3















Let we have a hash function that is second preimage resistant but not collision-resistant.



Then an adversary can create a pair of different messages M and M', M is benign and M' is malicious, for both of which the signature will be valid.



I don't understand why it is an issue in the setting where signatures are used to authenticate origin of data created by the same entity. So if one signs some software he claims "I have created this content myself, if it contains malware, blame me". And for keys: "this public key has a corresponding private key, I have access to it".



If one crafts a collision and signs self-generated data ... he still claims the above statements.



So should such hash functions be considered secure for things like self-signed certificates and code signing?










share|improve this question
































    3















    Let we have a hash function that is second preimage resistant but not collision-resistant.



    Then an adversary can create a pair of different messages M and M', M is benign and M' is malicious, for both of which the signature will be valid.



    I don't understand why it is an issue in the setting where signatures are used to authenticate origin of data created by the same entity. So if one signs some software he claims "I have created this content myself, if it contains malware, blame me". And for keys: "this public key has a corresponding private key, I have access to it".



    If one crafts a collision and signs self-generated data ... he still claims the above statements.



    So should such hash functions be considered secure for things like self-signed certificates and code signing?










    share|improve this question




























      3












      3








      3


      2






      Let we have a hash function that is second preimage resistant but not collision-resistant.



      Then an adversary can create a pair of different messages M and M', M is benign and M' is malicious, for both of which the signature will be valid.



      I don't understand why it is an issue in the setting where signatures are used to authenticate origin of data created by the same entity. So if one signs some software he claims "I have created this content myself, if it contains malware, blame me". And for keys: "this public key has a corresponding private key, I have access to it".



      If one crafts a collision and signs self-generated data ... he still claims the above statements.



      So should such hash functions be considered secure for things like self-signed certificates and code signing?










      share|improve this question
















      Let we have a hash function that is second preimage resistant but not collision-resistant.



      Then an adversary can create a pair of different messages M and M', M is benign and M' is malicious, for both of which the signature will be valid.



      I don't understand why it is an issue in the setting where signatures are used to authenticate origin of data created by the same entity. So if one signs some software he claims "I have created this content myself, if it contains malware, blame me". And for keys: "this public key has a corresponding private key, I have access to it".



      If one crafts a collision and signs self-generated data ... he still claims the above statements.



      So should such hash functions be considered secure for things like self-signed certificates and code signing?







      hash digital-signature code-signing






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 4 hours ago







      KOLANICH

















      asked 8 hours ago









      KOLANICHKOLANICH

      5124 silver badges13 bronze badges




      5124 silver badges13 bronze badges























          3 Answers
          3






          active

          oldest

          votes


















          4















          Digital signatures are designed to do three things:



          1. Ensure the integrity of the data that has been signed

          2. Create some degree of non-repudiation by the signer

          3. The purpose you mentioned, which is to authenticate the origin of the message

          The biggest issue with hash functions that are susceptible to collisions is that you very quickly lose the first design goal. If two different messages can have the same signature, then you can't know which are genuine.



          So, what's the big deal if I can sign two different messages with the same signature? You still know they both came from me and can hold me accountable, right? Well, perhaps. There are certainly some cases where this can be abused, but we're going to ignore them because they aren't the real issue. The real issue is where you can craft two messages that will have the same signature and the submit one of the for someone else to sign.



          The canonical example here is a x.509 (SSL/TLS) certificate request. In this case, a poorly designed certificate signing process can be leveraged to induce a Certificate Authority to sign a certificate for one subject or with one set of properties (like an end-entity certificate), only to have the signature collide with the signature for a second certificate also generated by the attackers that would not have been issued for a subject the attackers don't control, or a CA cert, and that rouge cert can now benefit from the perfectly valid signature associated with first, benign certificate.






          share|improve this answer
































            3















            Xander's answer is fundamentally correct: the issue is getting someone else to sign a benign message and use the signature for the malicious one. It is worth noting that although when you make a collision you don't get to decide on the messages directly, you often do get to decide on part of the message. For example I couldn't persuade you to sign "My name is KOLANICH" and swap it for "My name is Josiah": the hashes are vanishingly unlikely to match. However I might be able to get you to sign "Please pay account number X $50 for shoes with reference code ZZZZZZZZZZ." and then replace it with "Please pay account number X $50000 with reference code YYYYYYYYYY." In this scenario I choose whichever Y and Z I need to get the collision.



            An additional reason that they are considered insecure is a canary in a coal mine situation. It is easier to find a collision than to find a second preimage; strictly so because if you had a second preimage attack you automatically have a collision, but not vice versa. However, even though having a technique for finding a collision doesn't directly give you second preimages, it does suggest that there is some regularity to the hash function that is likely to surface vulnerabilities which would with further research allow finding preimages.






            share|improve this answer


































              0















              Well, in theory you would be right. In some very specific cases those hashes would not be completely broken.



              However, you would need to be extra cautious, and supposedly some "self-generated" data could actually be insecure. Would you consider the check's written by the accountant to be self-generated by the accountant? Apparently yes, but it actually contains externally controlled data that could be used to produce a signature of a different content.




              So should such hash functions be considered secure for things like self-signed certificates and code signing?




              You don't really verify self-signed certificates, so you could ignore the hash function used.



              On the other hand, I wouldn't consider it secure for code signing. You are probably using external libraries, so a third party could have prepared a library that, when compiled, allowed it to replace a block of code with a malicious one that collides with it.



              Please note that although in some specific cases a "broken hash" may work, given that we have perfectly fine non-broken hash functions, that don't need such careful detail, it is much better to use them when possible.



              And finally, do remember attacks only get worse with time. The security margin of that function is much severed than of collision resistant ones. An attack that one day seemed unfeasible, or a hash function that was "only" not collision-resistant, not-too-long after may be further broken with a new discovery, forcing you to need to change it real quick.






              share|improve this answer



























                Your Answer








                StackExchange.ready(function()
                var channelOptions =
                tags: "".split(" "),
                id: "162"
                ;
                initTagRenderer("".split(" "), "".split(" "), channelOptions);

                StackExchange.using("externalEditor", function()
                // Have to fire editor after snippets, if snippets enabled
                if (StackExchange.settings.snippets.snippetsEnabled)
                StackExchange.using("snippets", function()
                createEditor();
                );

                else
                createEditor();

                );

                function createEditor()
                StackExchange.prepareEditor(
                heartbeatType: 'answer',
                autoActivateHeartbeat: false,
                convertImagesToLinks: false,
                noModals: true,
                showLowRepImageUploadWarning: true,
                reputationToPostImages: null,
                bindNavPrevention: true,
                postfix: "",
                imageUploader:
                brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                allowUrls: true
                ,
                noCode: true, onDemand: true,
                discardSelector: ".discard-answer"
                ,immediatelyShowMarkdownHelp:true
                );



                );













                draft saved

                draft discarded


















                StackExchange.ready(
                function ()
                StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f215836%2fwhy-are-non-collision-resistant-hash-functions-considered-insecure-for-signing-s%23new-answer', 'question_page');

                );

                Post as a guest















                Required, but never shown

























                3 Answers
                3






                active

                oldest

                votes








                3 Answers
                3






                active

                oldest

                votes









                active

                oldest

                votes






                active

                oldest

                votes









                4















                Digital signatures are designed to do three things:



                1. Ensure the integrity of the data that has been signed

                2. Create some degree of non-repudiation by the signer

                3. The purpose you mentioned, which is to authenticate the origin of the message

                The biggest issue with hash functions that are susceptible to collisions is that you very quickly lose the first design goal. If two different messages can have the same signature, then you can't know which are genuine.



                So, what's the big deal if I can sign two different messages with the same signature? You still know they both came from me and can hold me accountable, right? Well, perhaps. There are certainly some cases where this can be abused, but we're going to ignore them because they aren't the real issue. The real issue is where you can craft two messages that will have the same signature and the submit one of the for someone else to sign.



                The canonical example here is a x.509 (SSL/TLS) certificate request. In this case, a poorly designed certificate signing process can be leveraged to induce a Certificate Authority to sign a certificate for one subject or with one set of properties (like an end-entity certificate), only to have the signature collide with the signature for a second certificate also generated by the attackers that would not have been issued for a subject the attackers don't control, or a CA cert, and that rouge cert can now benefit from the perfectly valid signature associated with first, benign certificate.






                share|improve this answer





























                  4















                  Digital signatures are designed to do three things:



                  1. Ensure the integrity of the data that has been signed

                  2. Create some degree of non-repudiation by the signer

                  3. The purpose you mentioned, which is to authenticate the origin of the message

                  The biggest issue with hash functions that are susceptible to collisions is that you very quickly lose the first design goal. If two different messages can have the same signature, then you can't know which are genuine.



                  So, what's the big deal if I can sign two different messages with the same signature? You still know they both came from me and can hold me accountable, right? Well, perhaps. There are certainly some cases where this can be abused, but we're going to ignore them because they aren't the real issue. The real issue is where you can craft two messages that will have the same signature and the submit one of the for someone else to sign.



                  The canonical example here is a x.509 (SSL/TLS) certificate request. In this case, a poorly designed certificate signing process can be leveraged to induce a Certificate Authority to sign a certificate for one subject or with one set of properties (like an end-entity certificate), only to have the signature collide with the signature for a second certificate also generated by the attackers that would not have been issued for a subject the attackers don't control, or a CA cert, and that rouge cert can now benefit from the perfectly valid signature associated with first, benign certificate.






                  share|improve this answer



























                    4














                    4










                    4









                    Digital signatures are designed to do three things:



                    1. Ensure the integrity of the data that has been signed

                    2. Create some degree of non-repudiation by the signer

                    3. The purpose you mentioned, which is to authenticate the origin of the message

                    The biggest issue with hash functions that are susceptible to collisions is that you very quickly lose the first design goal. If two different messages can have the same signature, then you can't know which are genuine.



                    So, what's the big deal if I can sign two different messages with the same signature? You still know they both came from me and can hold me accountable, right? Well, perhaps. There are certainly some cases where this can be abused, but we're going to ignore them because they aren't the real issue. The real issue is where you can craft two messages that will have the same signature and the submit one of the for someone else to sign.



                    The canonical example here is a x.509 (SSL/TLS) certificate request. In this case, a poorly designed certificate signing process can be leveraged to induce a Certificate Authority to sign a certificate for one subject or with one set of properties (like an end-entity certificate), only to have the signature collide with the signature for a second certificate also generated by the attackers that would not have been issued for a subject the attackers don't control, or a CA cert, and that rouge cert can now benefit from the perfectly valid signature associated with first, benign certificate.






                    share|improve this answer













                    Digital signatures are designed to do three things:



                    1. Ensure the integrity of the data that has been signed

                    2. Create some degree of non-repudiation by the signer

                    3. The purpose you mentioned, which is to authenticate the origin of the message

                    The biggest issue with hash functions that are susceptible to collisions is that you very quickly lose the first design goal. If two different messages can have the same signature, then you can't know which are genuine.



                    So, what's the big deal if I can sign two different messages with the same signature? You still know they both came from me and can hold me accountable, right? Well, perhaps. There are certainly some cases where this can be abused, but we're going to ignore them because they aren't the real issue. The real issue is where you can craft two messages that will have the same signature and the submit one of the for someone else to sign.



                    The canonical example here is a x.509 (SSL/TLS) certificate request. In this case, a poorly designed certificate signing process can be leveraged to induce a Certificate Authority to sign a certificate for one subject or with one set of properties (like an end-entity certificate), only to have the signature collide with the signature for a second certificate also generated by the attackers that would not have been issued for a subject the attackers don't control, or a CA cert, and that rouge cert can now benefit from the perfectly valid signature associated with first, benign certificate.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 8 hours ago









                    XanderXander

                    33.8k12 gold badges102 silver badges128 bronze badges




                    33.8k12 gold badges102 silver badges128 bronze badges


























                        3















                        Xander's answer is fundamentally correct: the issue is getting someone else to sign a benign message and use the signature for the malicious one. It is worth noting that although when you make a collision you don't get to decide on the messages directly, you often do get to decide on part of the message. For example I couldn't persuade you to sign "My name is KOLANICH" and swap it for "My name is Josiah": the hashes are vanishingly unlikely to match. However I might be able to get you to sign "Please pay account number X $50 for shoes with reference code ZZZZZZZZZZ." and then replace it with "Please pay account number X $50000 with reference code YYYYYYYYYY." In this scenario I choose whichever Y and Z I need to get the collision.



                        An additional reason that they are considered insecure is a canary in a coal mine situation. It is easier to find a collision than to find a second preimage; strictly so because if you had a second preimage attack you automatically have a collision, but not vice versa. However, even though having a technique for finding a collision doesn't directly give you second preimages, it does suggest that there is some regularity to the hash function that is likely to surface vulnerabilities which would with further research allow finding preimages.






                        share|improve this answer































                          3















                          Xander's answer is fundamentally correct: the issue is getting someone else to sign a benign message and use the signature for the malicious one. It is worth noting that although when you make a collision you don't get to decide on the messages directly, you often do get to decide on part of the message. For example I couldn't persuade you to sign "My name is KOLANICH" and swap it for "My name is Josiah": the hashes are vanishingly unlikely to match. However I might be able to get you to sign "Please pay account number X $50 for shoes with reference code ZZZZZZZZZZ." and then replace it with "Please pay account number X $50000 with reference code YYYYYYYYYY." In this scenario I choose whichever Y and Z I need to get the collision.



                          An additional reason that they are considered insecure is a canary in a coal mine situation. It is easier to find a collision than to find a second preimage; strictly so because if you had a second preimage attack you automatically have a collision, but not vice versa. However, even though having a technique for finding a collision doesn't directly give you second preimages, it does suggest that there is some regularity to the hash function that is likely to surface vulnerabilities which would with further research allow finding preimages.






                          share|improve this answer





























                            3














                            3










                            3









                            Xander's answer is fundamentally correct: the issue is getting someone else to sign a benign message and use the signature for the malicious one. It is worth noting that although when you make a collision you don't get to decide on the messages directly, you often do get to decide on part of the message. For example I couldn't persuade you to sign "My name is KOLANICH" and swap it for "My name is Josiah": the hashes are vanishingly unlikely to match. However I might be able to get you to sign "Please pay account number X $50 for shoes with reference code ZZZZZZZZZZ." and then replace it with "Please pay account number X $50000 with reference code YYYYYYYYYY." In this scenario I choose whichever Y and Z I need to get the collision.



                            An additional reason that they are considered insecure is a canary in a coal mine situation. It is easier to find a collision than to find a second preimage; strictly so because if you had a second preimage attack you automatically have a collision, but not vice versa. However, even though having a technique for finding a collision doesn't directly give you second preimages, it does suggest that there is some regularity to the hash function that is likely to surface vulnerabilities which would with further research allow finding preimages.






                            share|improve this answer















                            Xander's answer is fundamentally correct: the issue is getting someone else to sign a benign message and use the signature for the malicious one. It is worth noting that although when you make a collision you don't get to decide on the messages directly, you often do get to decide on part of the message. For example I couldn't persuade you to sign "My name is KOLANICH" and swap it for "My name is Josiah": the hashes are vanishingly unlikely to match. However I might be able to get you to sign "Please pay account number X $50 for shoes with reference code ZZZZZZZZZZ." and then replace it with "Please pay account number X $50000 with reference code YYYYYYYYYY." In this scenario I choose whichever Y and Z I need to get the collision.



                            An additional reason that they are considered insecure is a canary in a coal mine situation. It is easier to find a collision than to find a second preimage; strictly so because if you had a second preimage attack you automatically have a collision, but not vice versa. However, even though having a technique for finding a collision doesn't directly give you second preimages, it does suggest that there is some regularity to the hash function that is likely to surface vulnerabilities which would with further research allow finding preimages.







                            share|improve this answer














                            share|improve this answer



                            share|improve this answer








                            edited 6 hours ago

























                            answered 7 hours ago









                            JosiahJosiah

                            9505 silver badges11 bronze badges




                            9505 silver badges11 bronze badges
























                                0















                                Well, in theory you would be right. In some very specific cases those hashes would not be completely broken.



                                However, you would need to be extra cautious, and supposedly some "self-generated" data could actually be insecure. Would you consider the check's written by the accountant to be self-generated by the accountant? Apparently yes, but it actually contains externally controlled data that could be used to produce a signature of a different content.




                                So should such hash functions be considered secure for things like self-signed certificates and code signing?




                                You don't really verify self-signed certificates, so you could ignore the hash function used.



                                On the other hand, I wouldn't consider it secure for code signing. You are probably using external libraries, so a third party could have prepared a library that, when compiled, allowed it to replace a block of code with a malicious one that collides with it.



                                Please note that although in some specific cases a "broken hash" may work, given that we have perfectly fine non-broken hash functions, that don't need such careful detail, it is much better to use them when possible.



                                And finally, do remember attacks only get worse with time. The security margin of that function is much severed than of collision resistant ones. An attack that one day seemed unfeasible, or a hash function that was "only" not collision-resistant, not-too-long after may be further broken with a new discovery, forcing you to need to change it real quick.






                                share|improve this answer





























                                  0















                                  Well, in theory you would be right. In some very specific cases those hashes would not be completely broken.



                                  However, you would need to be extra cautious, and supposedly some "self-generated" data could actually be insecure. Would you consider the check's written by the accountant to be self-generated by the accountant? Apparently yes, but it actually contains externally controlled data that could be used to produce a signature of a different content.




                                  So should such hash functions be considered secure for things like self-signed certificates and code signing?




                                  You don't really verify self-signed certificates, so you could ignore the hash function used.



                                  On the other hand, I wouldn't consider it secure for code signing. You are probably using external libraries, so a third party could have prepared a library that, when compiled, allowed it to replace a block of code with a malicious one that collides with it.



                                  Please note that although in some specific cases a "broken hash" may work, given that we have perfectly fine non-broken hash functions, that don't need such careful detail, it is much better to use them when possible.



                                  And finally, do remember attacks only get worse with time. The security margin of that function is much severed than of collision resistant ones. An attack that one day seemed unfeasible, or a hash function that was "only" not collision-resistant, not-too-long after may be further broken with a new discovery, forcing you to need to change it real quick.






                                  share|improve this answer



























                                    0














                                    0










                                    0









                                    Well, in theory you would be right. In some very specific cases those hashes would not be completely broken.



                                    However, you would need to be extra cautious, and supposedly some "self-generated" data could actually be insecure. Would you consider the check's written by the accountant to be self-generated by the accountant? Apparently yes, but it actually contains externally controlled data that could be used to produce a signature of a different content.




                                    So should such hash functions be considered secure for things like self-signed certificates and code signing?




                                    You don't really verify self-signed certificates, so you could ignore the hash function used.



                                    On the other hand, I wouldn't consider it secure for code signing. You are probably using external libraries, so a third party could have prepared a library that, when compiled, allowed it to replace a block of code with a malicious one that collides with it.



                                    Please note that although in some specific cases a "broken hash" may work, given that we have perfectly fine non-broken hash functions, that don't need such careful detail, it is much better to use them when possible.



                                    And finally, do remember attacks only get worse with time. The security margin of that function is much severed than of collision resistant ones. An attack that one day seemed unfeasible, or a hash function that was "only" not collision-resistant, not-too-long after may be further broken with a new discovery, forcing you to need to change it real quick.






                                    share|improve this answer













                                    Well, in theory you would be right. In some very specific cases those hashes would not be completely broken.



                                    However, you would need to be extra cautious, and supposedly some "self-generated" data could actually be insecure. Would you consider the check's written by the accountant to be self-generated by the accountant? Apparently yes, but it actually contains externally controlled data that could be used to produce a signature of a different content.




                                    So should such hash functions be considered secure for things like self-signed certificates and code signing?




                                    You don't really verify self-signed certificates, so you could ignore the hash function used.



                                    On the other hand, I wouldn't consider it secure for code signing. You are probably using external libraries, so a third party could have prepared a library that, when compiled, allowed it to replace a block of code with a malicious one that collides with it.



                                    Please note that although in some specific cases a "broken hash" may work, given that we have perfectly fine non-broken hash functions, that don't need such careful detail, it is much better to use them when possible.



                                    And finally, do remember attacks only get worse with time. The security margin of that function is much severed than of collision resistant ones. An attack that one day seemed unfeasible, or a hash function that was "only" not collision-resistant, not-too-long after may be further broken with a new discovery, forcing you to need to change it real quick.







                                    share|improve this answer












                                    share|improve this answer



                                    share|improve this answer










                                    answered 2 hours ago









                                    ÁngelÁngel

                                    10.9k2 gold badges16 silver badges42 bronze badges




                                    10.9k2 gold badges16 silver badges42 bronze badges






























                                        draft saved

                                        draft discarded
















































                                        Thanks for contributing an answer to Information Security Stack Exchange!


                                        • Please be sure to answer the question. Provide details and share your research!

                                        But avoid


                                        • Asking for help, clarification, or responding to other answers.

                                        • Making statements based on opinion; back them up with references or personal experience.

                                        To learn more, see our tips on writing great answers.




                                        draft saved


                                        draft discarded














                                        StackExchange.ready(
                                        function ()
                                        StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f215836%2fwhy-are-non-collision-resistant-hash-functions-considered-insecure-for-signing-s%23new-answer', 'question_page');

                                        );

                                        Post as a guest















                                        Required, but never shown





















































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown

































                                        Required, but never shown














                                        Required, but never shown












                                        Required, but never shown







                                        Required, but never shown







                                        Popular posts from this blog

                                        Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

                                        Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

                                        199年 目錄 大件事 到箇年出世嗰人 到箇年死嗰人 節慶、風俗習慣 導覽選單